provide the required pledge request for pledge_fail().
ok deraadt@
-/* $OpenBSD: kern_pledge.c,v 1.74 2015/10/25 20:39:54 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.75 2015/10/26 07:24:20 semarie Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
}
int
-pledge_check(struct proc *p, int code)
+pledge_check(struct proc *p, int code, int *tval)
{
p->p_pledgenote = p->p_pledgeafter = 0; /* XX optimise? */
p->p_pledge_syscall = code;
+ *tval = 0;
if (code < 0 || code > SYS_MAXSYSCALL - 1)
+ return (EINVAL);
+
+ if ((p->p_p->ps_pledge == 0) &&
+ (code == SYS_exit || code == SYS_kbind))
return (0);
- if (p->p_p->ps_pledge == 0)
- return (code == SYS_exit || code == SYS_kbind);
- return (p->p_p->ps_pledge & pledge_syscalls[code]);
+ if (p->p_p->ps_pledge & pledge_syscalls[code])
+ return (0);
+
+ *tval = pledge_syscalls[code];
+ return (EPERM);
}
int
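Review bot: pledge_check() now returns 0 when the call is allowed and an errno when it is denied, the opposite of the old nonzero-means-allowed return, and nothing in the function says so. A header comment would make the contract explicit, e.g. `/* Returns 0 if permitted; else EINVAL/EPERM, with *tval set to the pledge bits that would have allowed the call (0 if none). */`. `*tval` is written unconditionally, so callers must pass a non-NULL pointer. It stays 0 both for an out-of-range `code` and for a syscall whose `pledge_syscalls[]` entry is 0, so the caller cannot tell those two cases apart from `tval` alone. Separately, `p->p_pledge_syscall = code` is stored before the range check, so any later consumer of that field (none is visible here) should not use it as a table index without re-checking the bounds.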
-/* $OpenBSD: pledge.h,v 1.12 2015/10/25 20:39:54 deraadt Exp $ */
+/* $OpenBSD: pledge.h,v 1.13 2015/10/26 07:24:20 semarie Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
#ifdef _KERNEL
-int pledge_check(struct proc *, int);
+int pledge_check(struct proc *, int, int *);
int pledge_fail(struct proc *, int, int);
int pledge_namei(struct proc *, char *);
void pledge_aftersyscall(struct proc *, int, int);
-/* $OpenBSD: syscall_mi.h,v 1.11 2015/10/09 01:17:18 deraadt Exp $ */
+/* $OpenBSD: syscall_mi.h,v 1.12 2015/10/26 07:24:20 semarie Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
if (lock)
KERNEL_LOCK();
pledged = (p->p_p->ps_flags & PS_PLEDGE);
- if (pledged && !(tval = pledge_check(p, code))) {
+ if (pledged && (error = pledge_check(p, code, &tval))) {
if (!lock)
KERNEL_LOCK();
- error = pledge_fail(p, EPERM, tval);
+ error = pledge_fail(p, error, tval);
KERNEL_UNLOCK();
return (error);
}
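Review bot: The errno handed to pledge_fail() is no longer fixed, because an out-of-range `code` now reaches this call as EINVAL with `tval` 0, where it was previously EPERM. pledge_fail() is not visible in this hunk, so it is worth confirming that it enforces the violation the same way whatever errno it is given. A short comment above the call would help, such as `/* error is EPERM or EINVAL from pledge_check(); tval is the missing pledge request, 0 if unknown */`. `error` is assigned in the condition only when `pledged` is set, which is fine provided it is initialised before this point; its declaration is outside the hunk.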